Storing data on private devices and machines

Contact persons at MF:
IT director
Lars Moe 
Lars.Moe@mf.no 

Senior adviser, research
Unn Målfrid H. Rolandsen
research@mf.no 

You may use private devices when working with theses and research if the following two criteria are fulfilled:

  • you adhere to MF's routines for the use of private devices 
  • you conduct a Security and Risk Analysis (SRA) where you decide on whether or not you need to encrypt the data. 

If processing sensitive personal data, the data should as a default rule be encrypted.

Consult your supervisor when considering whether the above criteria apply to to your thesis.

Routines and security measures that you arrive at must be cleared by MF's IT director or research adviser.

Routines for the use of private devices

1. No other users should use the computer. If they do, family and friends must have separate accounts.
2. Minimize the risk of the machine being stolen, lost, forgotten and so forth (consider using a kensington lock, locked cabinet/safe etc.).
3. You must have good knowledge of the machine:
 

  • You should not have installed programs that you don't need/use.
  • You know which back-up and synchronizing solutions you use so that unencrypted material is not found in folders that are synched to Adobe, Google Music, Apple iTunes/iCloud, or back-up plans from Get, Elkjøp etc.

4. Follow standard practices for sound computer security (see also general internet safety tips)

  • Automatic security updates must be activated.
  • Anti-virus programs must be installed, up-to-date and activated.
  • Activate screen locks and login with password.
  • Use good, unique passwords.
  • Have an encrypted hard disk if possible (see elsewhere on encryption)
  • A healthy scepticism regarding links in e-mails and on web sites.
  • Caution when using unfamiliar wireless networks.

Are you still unsure whether can use personal devices?

Try conducting a security and risk analysis (SRA). Contact the IT department to reach clarity on more detailed questions about computer security.

Is it safer to use MF's computers?

As a rule, storing and processing data on MF's computers is somewhat safer than on personal devices. This is because

  • only the IT department has administrator rights on the machines.
  • the machines have centrally administered anti-virus and firewall solutions.
  • third-party software is updated regularly.

Network storage at MF is protected with access control. Contact the IT department to get customized access.

Risks involved with using MF's machines

When you use MF's computers, a back-up copy is automatically made of your storage. In practice, this means that copies of your material are made, also of that which might be sensitive. Contact the IT department in order to possibly limit the risks involved in this.

The student computers at MF are placed in an open library environment and will therefore be more susceptible to viewing and not being logged-off or screen-locked than employee machines, which are primarily stationary and therefore more physically tied to lockable rooms. Network storage and the computers at MF are connected to the internet and are therefore potentially vulnerable, even with firewalls, zones and strict regimens for remote access. 

 

Approval from MF - Storing data on private devices and machines

When filling in the NSD notification form, you may be asked to upload guidelines/approval from your home institution stating routines for processing personal data on private devices. Please upload this excerpt from MF's Standard Procedures for the Storage of Research Data (pdf).